FGT60D4614011399 (interface) # get
== [ dmz ]
name: dmz mode: static ip: 10.10.10.1 255.255.255.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable
== [ wan1 ]
name: wan1 mode: pppoe ip: x.x.236.18 255.255.255.255 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable
== [ wan2 ]
name: wan2 mode: static ip: 192.168.101.99 255.255.255.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable
== [ modem ]
name: modem mode: pppoe ip: 0.0.0.0 0.0.0.0 netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable
== [ ssl.root ]
name: ssl.root ip: 0.0.0.0 0.0.0.0 status: up netbios-forward: disable type: tunnel netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable mtu-override: disable
== [ internal ]
name: internal mode: static ip: 172.16.100.254 255.255.255.0 status: up netbios-forward: disable type: physical netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable mtu-override: disable wccp: disable drop-overlapped-fragment: disable drop-fragment: disable
== [ ipsecVPN ]
name: ipsecVPN ip: 0.0.0.0 0.0.0.0 status: up netbios-forward: disable type: tunnel netflow-sampler: disable sflow-sampler: disable explicit-web-proxy: disable explicit-ftp-proxy: disable

FGT60D4614011399 # config vpn ipsec phase1-interface
FGT60D4614011399 (phase1-interface) # edit ipsecVPN
FGT60D4614011399 (ipsecVPN) # get
name : ipsecVPN
type : static
interface : wan1
ip-version : 4
ike-version : 1
local-gw : x.x.158.14 <------------- The Static IP
nattraversal : enable
keylife : 86400
authmethod : psk
mode : aggressive
peertype : any
mode-cfg : enable
proposal : aes128-sha256 aes256-sha256 3des-sha256 aes128-sha1 aes256-sha1 3des-sha1
add-route : enable
localid :
localid-type : auto
negotiate-timeout : 30
fragmentation : enable
dpd : enable
forticlient-enforcement: disable
comments : VPN: ipsecVPN (Created by VPN wizard)
npu-offload : enable
dhgrp : 14 5
wizard-type : custom
xauthtype : disable
mesh-selector-type : disable
remote-gw : 113.163.158.14
monitor :
assign-ip : enable
mode-cfg-ip-version : 4
unity-support : enable
add-gw-route : disable
psksecret : *
keepalive : 10
distance : 15
priority : 0
auto-negotiate : enable
dpd-retrycount : 3
dpd-retryinterval : 5

FGT60D4614011399 # config vpn ipsec phase2-interface
FGT60D4614011399 (phase2-interface) # edit ipsecVPN
FGT60D4614011399 (ipsecVPN) # get
name : ipsecVPN
phase1name : ipsecVPN
proposal : aes128-sha1 aes256-sha1 3des-sha1 aes128-sha256 aes256-sha256 3des-sha256
pfs : enable
dhgrp : 14 5
replay : enable
keepalive : disable
auto-negotiate : disable
keylife-type : seconds
encapsulation : tunnel-mode
comments : VPN: ipsecVPN (Created by VPN wizard)
keylifeseconds : 43200

FGT60D4614011399 (policy) # show
config firewall policy
    edit 6
        set uuid 9726e9f6-1458-51e4-a828-bfe896d04359
        set srcintf "ipsecVPN"
        set dstintf "internal"
        set srcaddr "ipsecVPN_range"
        set dstaddr "server_sub"
        set action accept
        set schedule "always"
        set service "ALL"
        set comments "VPN: ipsecVPN (Created by VPN wizard)"
    next
    edit 7
        set uuid 79bc7314-1344-51e4-818f-d548adc8f4cb
        set srcintf "wan1"
        set dstintf "wan1"
        set srcaddr "pptp_vpn_range"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
    edit 2
        set uuid 1a9bbc98-1257-51e4-9305-867d0ccface1
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "pptp_vpn_range"
        set dstaddr "server_sub"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 5
        set uuid 48ebf74c-1320-51e4-1e97-9253b6492891
        set srcintf "wan1"
        set dstintf "internal"
        set srcaddr "all"
        set dstaddr "MailServer_Nat"
        set action accept
        set schedule "always"
        set service "ALL"
    next
    edit 1
        set uuid fc8578b6-121f-51e4-abe4-9b7131e0e522
        set srcintf "internal"
        set dstintf "wan1"
        set srcaddr "server_sub"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set global-label "From Internal Section"
        set nat enable
    next
end